fix(auth): sign out regardless of request success (#375)

leoMehlig · grdsdev · web-flow · commit 25178e212dcc · 2024-05-10T10:21:30.000-03:00
* Logout should always reset the session.

* Update Sources/Auth/AuthClient.swift

Co-authored-by: Guilherme Souza &lt;grsouza@pm.me&gt;

---------

Co-authored-by: Guilherme Souza &lt;grsouza@pm.me&gt;
diff --git a/Sources/Auth/AuthClient.swift b/Sources/Auth/AuthClient.swift
@@ -698,15 +698,23 @@ public final class AuthClient: Sendable {
   /// If using ``SignOutScope/others`` scope, no ``AuthChangeEvent/signedOut`` event is fired.
   /// - Parameter scope: Specifies which sessions should be logged out.
   public func signOut(scope: SignOutScope = .global) async throws {
-    do {
-      // Make sure we have a valid session.
-      _ = try await sessionManager.session()
+    guard let accessToken = currentSession?.accessToken else {
+        configuration.logger?.warning("signOut called without a session")
+        return
+    }
+
+    if scope != .others {
+        await sessionManager.remove()
+        eventEmitter.emit(.signedOut, session: nil)
+    }
 
-      try await api.authorizedExecute(
+    do {
+      _ = try await api.execute(
         .init(
           url: configuration.url.appendingPathComponent("logout"),
           method: .post,
-          query: [URLQueryItem(name: "scope", value: scope.rawValue)]
+          query: [URLQueryItem(name: "scope", value: scope.rawValue)], 
+          headers: [.init(name: "Authorization", value: "Bearer \(accessToken)")]
         )
       )
     } catch {
@@ -720,11 +728,6 @@ public final class AuthClient: Sendable {
         throw error
       }
     }
-
-    if scope != .others {
-      await sessionManager.remove()
-      eventEmitter.emit(.signedOut, session: nil)
-    }
   }
 
   /// Log in an user given a User supplied OTP received via email.
